Wednesday, May 17, 2017

As many of you are aware, a rather onerous firmware exploit was discovered in February that affects most modern Intel processors. The exploit has been dubbed "Silent Bob Is Silent" and can grant an adversary remote access to your computer beneath the OS level. This not only affects Windows machines but Mac and Linux as well.

“The exploit is trivial, max five lines of Python, could be doable in one-line shell command. It gives full control of affected machines, including the ability to read and modify everything. It can be used to install persistent malware (possibly in firmware), and read and modify any data. For security servers, it may allow disabling security features, creating fake credentials, or obtaining root keys. … IT folks, KEEP WORKING THROUGH THE WEEKEND, DISABLE AMT NOW or block access to it. This can get ugly.”

Read the full piece HERE
The linked post will cover some methods for determining if your system is vulnerable. It should be noted that the Intel vPro model CPUs are most vulnerable.

I should point out that the SEPIO laptops are not vulnerable to this exploit.

Note: A quick fix you could employ while waiting for a patch is to block the following ports in your router/AP firewall: 16992, 16993, 16994, 16995, 623, 664. This will block it for the time being. I would also disable IPv6 as it uses random IPv6 ports.
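To confirm the port block actually took effect (or to find hosts on your own LAN still exposing AMT), here is a small added check, not code from the original post, that probes the six management ports listed above over TCP; the host, port list and helper names are my own choices.

```python
"""Check whether the Intel AMT / IPMI management ports are reachable on a host.

Added example (not from the original post). Run it against your own machine
or LAN hosts before and after adding the firewall block to verify the change.
"""
import socket
from typing import Callable, Dict, Iterable

# Ports named in the post: AMT web/redirection (16992-16995), IPMI/RMCP (623, 664)
AMT_PORTS = (16992, 16993, 16994, 16995, 623, 664)


def tcp_connect(host: str, port: int, timeout: float = 1.0) -> bool:
    """Return True if a TCP connection to host:port succeeds.

    socket.create_connection resolves IPv4 and IPv6 addresses alike, so a
    host with an IPv6 address is probed the same way.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def amt_exposure(host: str, ports: Iterable[int] = AMT_PORTS,
                 connect: Callable[[str, int], bool] = tcp_connect) -> Dict[int, bool]:
    """Map each management port to whether it accepted a connection.

    The connect callable is injectable so the logic can be exercised offline.
    """
    return {port: connect(host, port) for port in ports}


def report(exposure: Dict[int, bool]) -> str:
    """Summarise the probe result in one line for a quick pass/fail read."""
    open_ports = sorted(p for p, is_open in exposure.items() if is_open)
    if not open_ports:
        return "no AMT/IPMI management ports reachable"
    return ("management ports reachable (block or disable AMT): "
            + ", ".join(str(p) for p in open_ports))


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    print(report(amt_exposure(target)))
```

Run it as `python amt_check.py <host>` from another machine on the LAN, since a firewall rule on the router does not affect a probe of localhost.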

Friday, May 12, 2017

Those leaked NSA TAO tools have been in the wild for a few weeks now.....and now we have this.

"According to CrowdStrike's vice president of intelligence Adam Meyers, the initial spread of WannaCry is coming through spam, in which fake invoices, job offers and other lures are being sent out to random email addresses. Within the emails is a .zip file, and once clicked that initiates the WannaCry infection.

But the most concerning aspect of WannaCry is its use of the worm-like EternalBlue exploit. "This is a weapon of mass destruction, a WMD of ransomware. Once it gets into an unpatched PC it spreads like wildfire," he told Forbes. "It's going through financials, energy companies, healthcare. It's widespread."

Given the malware is scanning the entire internet for vulnerable machines, and as many as 150,000 were deemed open to the Windows vulnerability as of earlier this month, WannaCry ransomware explosion is only expected to get worse over the weekend."

Read the whole piece here WannaCry exploit

***

The WannaCry malware currently is wreaking havoc with the UK healthcare system.
This attack uses the leaked EternalBlue exploit from the NSA and is a nasty one. Yet another reason to move away from Windows and into a Linux based distro (preferably a hardened one).

Thursday, May 11, 2017

"A very important question remains: What exactly could WindsorBlue, and then WindsorGreen, crack? Are modern privacy mainstays like PGP, used to encrypt email, or the ciphers behind encrypted chat apps like Signal under threat? The experts who spoke to The Intercept don’t think there’s any reason to assume the worst.

“As long as you use long keys and recent-generation hashes, you should be OK,” said Huang. “Even if [WindsorGreen] gave a 100x advantage in cracking strength, it’s a pittance compared to the additional strength conferred by going from say, 1024-bit RSA to 4096-bit RSA or going from SHA-1 to SHA-256.”

Translation: Older encryption methods based on shorter strings of numbers, which are easier to factor, would be more vulnerable, but anyone using the strongest contemporary encryption software (which uses much longer numbers) should still be safe and confident in their privacy."

***

Read the full article here Intercept Article and make sure you grok the implications.

Libertas ad omne audendum

About Me

Combat Veteran, Owner/Instructor CSG Inc, Overseas Government Contractor, Wilderness Medic.
It has been my privilege to have trained literally thousands of personnel from all four branches of the military, special operations forces, federal agencies, police and responsible citizens, in firearms, tactics, survival and trade-craft.